class RuboCop::Cop::GitlabSecurity::SendFileParams
basename = File.expand_path(“/tmp/myproj”) filename = File.expand_path(File.join(basename, @file.public_filename)) raise if basename != filename send_file filename, disposition: 'inline'
Constants
- MSG
Public Instance Methods
on_send(node)
click to toggle source
# File lib/rubocop/cop/gitlab-security/send_file_params.rb, line 29 def on_send(node) return unless node.command?(:send_file) return unless node.arguments.any? { |e| params_node?(e) } add_offense(node, location: :selector) end